Unchecked malloc fixes

[openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 85af629cda5ac481e0008469fea27e7fc98aa363..f54152e8ec0c6526e4e56ff17a0a55098f378fbf 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
         return -1;
     }
 
-    if (!s->read_ahead)
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->read_ahead && !SSL_IS_DTLS(s))
         /* ignore max parameter */
         max = n;
     else {
@@ -351,9 +352,6 @@ static int ssl3_get_record(SSL *s)
         ssl_minor = *(p++);
         version = (ssl_major << 8) | ssl_minor;
         n2s(p, rr->length);
-#if 0
-        fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
 
         /* Lets check version */
         if (!s->first_packet) {
@@ -584,10 +582,6 @@ static int ssl3_get_record(SSL *s)
         }
         goto again;
     }
-#if 0
-    fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type,
-            rr->length);
-#endif
 
     return (1);
 
@@ -733,6 +727,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                 packlen *= 4;
 
             wb->buf = OPENSSL_malloc(packlen);
+            if(!wb->buf) {
+                SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
             wb->len = packlen;
         } else if (tot == len) { /* done? */
             OPENSSL_free(wb->buf); /* free jumbo buffer */
@@ -905,11 +903,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
     if ((sess == NULL) ||
         (s->enc_write_ctx == NULL) ||
         (EVP_MD_CTX_md(s->write_hash) == NULL)) {
-#if 1
         clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
-#else
-        clear = 1;
-#endif
         mac_size = 0;
     } else {
         mac_size = EVP_MD_CTX_size(s->write_hash);
@@ -917,60 +911,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
             goto err;
     }
 
-#if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-    if (type == SSL3_RT_APPLICATION_DATA && s->compress == NULL &&
-        !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
-        EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
-        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
-        do {
-            unsigned char aad[13];
-            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param =
-                { NULL, aad, sizeof(aad), 0 };
-            int packlen;
-
-            memcpy(aad, s->s3->write_sequence, 8);
-            aad[8] = type;
-            aad[9] = (unsigned char)(s->version >> 8);
-            aad[10] = (unsigned char)(s->version);
-            aad[11] = (unsigned char)(len >> 8);
-            aad[12] = (unsigned char)len;
-            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
-                                          sizeof(mb_param), &mb_param);
-
-            if (packlen == 0 || packlen > wb->len)
-                break;
-
-            mb_param.out = wb->buf;
-            mb_param.inp = buf;
-            mb_param.len = len;
-            EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
-                                EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
-                                sizeof(mb_param), &mb_param);
-
-            s->s3->write_sequence[7] += mb_param.interleave;
-            if (s->s3->write_sequence[7] < mb_param.interleave) {
-                int j = 6;
-                while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
-            }
-
-            wb->offset = 0;
-            wb->left = packlen;
-
-            /*
-             * memorize arguments so that ssl3_write_pending can detect bad
-             * write retries later
-             */
-            s->s3->wpend_tot = len;
-            s->s3->wpend_buf = buf;
-            s->s3->wpend_type = type;
-            s->s3->wpend_ret = len;
-
-            /* we now just need to write the buffer */
-            return ssl3_write_pending(s, type, buf, len);
-        } while (0);
-#endif
-
     /*
      * 'create_empty_fragment' is true only when this function calls itself
      */
@@ -1607,15 +1547,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
     if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
         if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
             !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0                           /* worked only because C operator preferences
-                                 * are not as expected (and because this is
-                                 * not really needed for clients except for
-                                 * detecting protocol violations): */
-            s->state = SSL_ST_BEFORE | (s->server)
-                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
             s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
             s->renegotiate = 1;
             s->new_session = 1;
         }
@@ -1648,7 +1580,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 
     switch (rr->type) {
     default:
-#ifndef OPENSSL_NO_TLS
         /*
          * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
          * an unexpected message alert.
@@ -1657,7 +1588,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
             rr->length = 0;
             goto start;
         }
-#endif
         al = SSL_AD_UNEXPECTED_MESSAGE;
         SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
         goto f_err;